
Shoulder Surfing: What It Is And How to Prevent It

October 2, 2023 By Rublon Authors

Last updated on March 26, 2024

Shoulder surfing is a type of social engineering where someone attempts to peek at your private or sensitive information by glancing over your shoulder. It can happen anywhere and anytime, whether you are using your phone, laptop, tablet, or an ATM. Shoulder surfers can steal your passwords, PINs, bank details, credit card numbers, or any other sensitive data that you enter or display on your device. They can also take photos or videos of your screen without you noticing. Shoulder surfing can lead to identity theft, fraud, blackmail, or other serious consequences. In this article, we will explain how shoulder surfers operate and what they look for, common scenarios where shoulder surfing can happen, and how to prevent shoulder surfing and protect your privacy. By the end of this article, you will be more aware of the risks of shoulder surfing and how to avoid becoming a victim.

Image portraying shoulder surfing

How Shoulder Surfers Operate and What They Look For

Shoulder surfers are opportunistic and cunning. They can be anyone, from strangers to acquaintances, who have malicious intent to access your information. Shoulder surfers can act casually or pretend to be busy with something else, while secretly observing your screen or keyboard. They can also use devices such as binoculars, cameras, or spyware to enhance their spying capabilities. Shoulder surfers look for any information that can be useful or valuable to them, such as:

  • Login credentials for your online accounts, such as email, social media, banking, shopping, etc.
  • Phone lock screen codes, or PINs for your credit or debit cards.
  • Bank account numbers, credit card numbers, security codes, or expiration dates.
  • Personal information, such as your name, address, phone number, date of birth, etc.
  • Confidential information, such as your medical records, tax returns, business documents, etc.

Shoulder surfers can use this information to impersonate you, access your accounts, make unauthorized transactions, apply for loans or credit cards in your name, sell your information to third parties, or blackmail you. Therefore, it is important to be vigilant when using your devices in public places.

Common Scenarios Where Shoulder Surfing Can Happen

  1. Cafes, restaurants, bars, or hotels, where you may use your laptop or phone to work, browse, or check your emails.
  2. Libraries, schools, or offices, where you may use your computer or tablet to study, research, or complete your tasks.
  3. Airports, train stations, or buses, where you may use your phone or laptop to book tickets, check in, or access your travel documents.
  4. ATMs, kiosks, or self-checkout machines, where you may use your card or phone to withdraw cash, pay bills, or purchase items.

In these scenarios, shoulder surfers can take advantage of the crowded or noisy environment, the lack of privacy or security measures, or your distraction or carelessness. They can also create diversions or distractions to make you lower your guard or expose your information. For example, they can ask you for directions, offer you help, spill something on you, or cause a commotion. Therefore, it is important to be alert and aware of your surroundings when using your devices in public places.

How to Prevent Shoulder Surfing and Protect Your Privacy

  1. Avoid using your devices in public places unless necessary. If you have to use them, choose a secluded or secure spot, such as a corner or a booth, where you can minimize the exposure of your screen or keyboard.
  2. Use strong and unique passwords for your online accounts, and change them regularly. Do not use the same password for multiple accounts, or use passwords that are easy to guess, such as your name, date of birth, or phone number.
  3. Use multi-factor authentication (MFA) for your online accounts, especially for those that contain sensitive or financial information. This way, even if someone uses shoulder surfing to steal your password, they will not be able to access your account without the second factor or your biometric data.
  4. Use privacy screens or filters for your devices, which can reduce the visibility of your screen from different angles. You can also adjust the brightness or contrast of your screen to make it harder to see from afar.
  5. Cover or shield your keyboard or keypad when entering your PINs or passwords. You can also use virtual keyboards or password managers to avoid typing your passwords on physical keyboards.
  6. Lock your screen or log out of your accounts when you are not using your devices. Do not leave your devices unattended or lend them to strangers. If you lose your device or suspect that it has been compromised, report it immediately and change your passwords as soon as possible.
  7. If you use SMS passcodes for MFA, disable the SMS preview on the lock screen so that the passcode is not shown while the phone is locked.
  8. Be wary of strangers who approach you or try to distract you when you are using your devices. Do not reveal personal or confidential information to anyone you do not trust. If you feel uncomfortable or suspicious, move away or ask for help.

Rublon MFA is Your Best Defense Against Shoulder Surfing

One of the best ways to prevent shoulder surfing and protect your online accounts is to use multi-factor authentication (MFA), which asks you to provide more than one piece of proof to confirm your identity. MFA can make it harder for shoulder surfers to access your accounts even if they steal your passwords or PINs. However, not all MFA methods are equally resistant to shoulder surfing. Shoulder surfers can still observe or intercept some authentication methods, such as SMS codes or TOTP. That’s why you need a reliable and secure MFA solution like Rublon. Rublon is a cloud-based MFA solution that offers various methods that are resistant to shoulder surfing, such as:

  • Mobile Push: You can approve or deny login requests from your smartphone with a simple tap. No need to enter any codes or passwords.
  • QR Code: You can scan a QR code displayed on the login screen with your smartphone camera. No need to type anything or reveal anything on your screen.
  • FIDO Security Key: You can use a physical device that plugs into your computer or connects via Bluetooth or NFC. No need to rely on your phone or network.

With Rublon MFA, you can enjoy the benefits of MFA without worrying about shoulder surfing. Rublon is easy to use, flexible, and compatible with various platforms and applications.

Conclusion

Shoulder surfing is a serious threat that can compromise your personal or confidential information and cause you harm. It can happen in any public place where you use your devices, and shoulder surfers can use various methods and devices to spy on your information. However, you can avoid shoulder surfing and protect your privacy by following some simple tips, such as choosing a secure spot, using strong passwords and authentication methods, using privacy screens or filters, covering or shielding your keyboard or keypad, locking your screen or logging out of your accounts, and being wary of strangers or distractions. By being cautious, you can prevent shoulder surfing and keep your information safe.
